[OpenLayers-Users] secure WMS and WFS

Chris Holmes cholmes at openplans.org
Wed Feb 14 17:56:48 EST 2007


>>> (2) For that solution to work the actual WMS server needs to support
>>> authentication. From what I've read so far, neither geoserver nor
>>> mapserver support it.
>> For Basic Authorization, the *webserver* needs to support
>> authentication, but not the WMS server. Simply set up basic auth for
>> /cgi-bin/mapserv:
>>
>> http://httpd.apache.org/docs/1.3/howto/auth.html#basicconfig
> 
> I understand that this works with mapserver, because mapserver runs as
> an Apache CGI script.
> 
> But, as I understand it, this is a different story with geoserver:
> geoserver doesn't require Apache or any other web server, it is a
> standalone server. And current geoserver doesn't support
> authentication.

You can easily stick Apache in front of GeoServer, using like the 
tomcat-apache connector.  Then you control access the same way, by URL. 
  There are a few other options people have done in the past, but 
nothing supported out of the box by GeoServer.

Chris

> 
>> The browser will then take care of all the authentication for you: the
>> initial request for the image will be received with a 401, which will
>> result in the user being prompted for a password. Each subsequent image
>> load will then use the cached password. So long as you can establish
>> that users typing in a password to get access to the data is acceptable,
>> this is the best way to go about it.
>>
>> Regards,
>> --
>> Christopher Schmidt
>> MetaCarta
>>
> 
> 

-- 
Chris Holmes
The Open Planning Project
http://topp.openplans.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: cholmes.vcf
Type: text/x-vcard
Size: 282 bytes
Desc: not available
Url : http://lists.osgeo.org/pipermail/openlayers-users/attachments/20070214/3e31d3b0/cholmes.vcf


More information about the Users mailing list